W dniu 05.11.2020 o 01:41, mike tancsa pisze:
Hi,
Is this an issue in HEAD only ? Or is it something that needs to be
MFC'd ?
---Mike
It has been MFCed to 12-STABLE with r367402[1].
What about 11-STABLE users? Should they be worried about missing MFC as
well or ignore the issue as
Hi,
Is this an issue in HEAD only ? Or is it something that needs to be
MFC'd ?
---Mike
On 10/28/2020 4:27 PM, Alexander V. Chernikov wrote:
> 28.10.2020, 20:25, "Alexander V. Chernikov" :
>> 28.10.2020, 18:34, "Maxime Villard" :
>>> In icmp6_notify_error(), 'finaldst' points to data wit
28.10.2020, 20:25, "Alexander V. Chernikov" :
> 28.10.2020, 18:34, "Maxime Villard" :
>> In icmp6_notify_error(), 'finaldst' points to data within an mbuf, but when
>> iterating over the next IPv6 options the kernel can free that mbuf, meaning
>> the dereferences of 'finaldst' hit a freed buffer.
[
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
In icmp6_notify_error(), 'finaldst' points to data within an mbuf, but when
iterating over the next IPv6 options the kernel can free that mbuf, meaning
the dereferences of 'finaldst' hit a freed buffer.
Note that this is triggerable without specific conditions, over just ICMPv6.
Maxime
_
